This is how we are going to support multiple public key algorithms.
Right now there is no backward-compatibility support and no key
negotiation support.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Assigns a public-key closure to the `key' key,
constructed as `rsa-public(E, N)'. The argument HUNOZ
must be an integer, but is otherwise ignored; it's
Assigns a public-key closure to the `key' key,
constructed as `rsa-public(E, N)'. The argument HUNOZ
must be an integer, but is otherwise ignored; it's
- conventionally the length of N in bits. Acceptable only
- at site level; required at site level.
+ conventionally the length of N in bits.
+ Acceptable only at site level. See `pub'.
mobile BOOL
Assigns BOOL to the `mobile' key. Acceptable only at
mobile BOOL
Assigns BOOL to the `mobile' key. Acceptable only at
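Review bot: Dropping "required at site level" from the `pubkey' entry changes the rule without stating the new one here; "See `pub'" only implies it. Suggest adding a clause such as "either this or `pub' is required" so the entry stands on its own.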
Defines a public key. ALG is an algorithm name and
DATA91S is the public key data, encoded according to
secnet-base91 (see below).
Defines a public key. ALG is an algorithm name and
DATA91S is the public key data, encoded according to
secnet-base91 (see below).
- Not yet suported in make-secnet-sites.
+ Gives make-public("ALG","DATAB91S") in sites.conf;
+ at least one `pub' or `pubkey' must be specified.
serial SETIDHEX
Specifies the key set id (8 hex digits representing
serial SETIDHEX
Specifies the key set id (8 hex digits representing
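Review bot: The new text promises that at least one `pub' or `pubkey' must be specified, but no code in this patch enforces that, and the earlier "required at site level" wording on `pubkey' is removed in the same commit. Either add the check in make-secnet-sites or soften the documentation to match what is actually validated.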
import io
open=lambda f,m='r': io.open(f,m,encoding='utf-8')
import io
open=lambda f,m='r': io.open(f,m,encoding='utf-8')
-max={'rsa_bits':8200,'name':33,'dh_bits':8200}
+max={'rsa_bits':8200,'name':33,'dh_bits':8200,'algname':127}
def debugrepr(*args):
if debug_level > 0:
def debugrepr(*args):
if debug_level > 0:
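Review bot: The new `algname` cap of 127 joins the other magic numbers in `max` without explanation; a short comment on where 127 comes from would help the next reader. Also confirm that `name('algname')` in `pubkey.__init__` is the only path that applies this cap, since nothing else in the patch references it.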
class pubkey (basetype):
"Some kind of publie key"
class pubkey (basetype):
"Some kind of publie key"
+ def __init__(self,w):
+ self.a=w[1].name('algname')
+ self.d=w[2].base91();
+ def __str__(self):
+ return 'make-public("%s","%s")'%(self.a,self.d)
class rsakey (pubkey):
"An RSA public key"
class rsakey (pubkey):
"An RSA public key"
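Review bot: `self.d=w[2].base91();` has a stray trailing semicolon, and unlike the algorithm name (bounded via `name('algname')`) the base91 key data has no length limit in `max`, so an oversized `pub` token is accepted without complaint. Consider adding a bound for the data as well, and checking that `w` has at least three elements before indexing, so a short `pub` line yields a parse error rather than an IndexError.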
if len(w) >= 5: w[4].email()
def __str__(self):
return 'rsa-public("%s","%s")'%(self.e,self.n)
if len(w) >= 5: w[4].email()
def __str__(self):
return 'rsa-public("%s","%s")'%(self.e,self.n)
+ # this specialisation means we can generate files
+ # compatible with old secnet executables
def somepubkey(w):
if w[0]=='pubkey':
return rsakey(w)
def somepubkey(w):
if w[0]=='pubkey':
return rsakey(w)
+ elif w[0]=='pub':
+ return pubkey(w)
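Review bot: The new comment about generating files compatible with old secnet executables describes the `rsakey` specialisation but sits directly above `def somepubkey`, where it reads as describing the dispatcher; move it into the `rsakey` class body. In `somepubkey`, add a final `else` that raises a clear error: if neither branch matches, the function silently returns `None`.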
'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
'restrict-nets':(networks,"Allowable networks"),
'networks':(networks,"Claimed networks"),
'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
'restrict-nets':(networks,"Allowable networks"),
'networks':(networks,"Claimed networks"),
+ 'pub':(listof(somepubkey),"new style public site key",'pubkey'),
'pubkey':(listof(somepubkey),"RSA public site key"),
'peer':(single_ipaddr,"Tunnel peer IP address"),
'address':(address,"External contact address and port"),
'pubkey':(listof(somepubkey),"RSA public site key"),
'peer':(single_ipaddr,"Tunnel peer IP address"),
'address':(address,"External contact address and port"),
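Review bot: The new `'pub'` entry carries a fourth tuple element (`'pubkey'`) while every neighbouring entry has three; confirm the code consuming this table treats the extra element as an alias or merge target rather than ignoring it, and document the tuple layout where the table is defined. The description "new style public site key" is also lower-cased while the other descriptions start with a capital.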
'address':sp,
'networks':None,
'peer':None,
'address':sp,
'networks':None,
'peer':None,
'pubkey':None,
'mobile':sp,
})
'pubkey':None,
'mobile':sp,
})
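Review bot: No added or removed line is visible in this hunk, yet `'pub'` was added to the keyword table with `'pubkey'` as its fourth element; if `pub` is to be accepted at site level like `pubkey`, a matching `'pub':None,` entry next to `'pubkey':None,` is needed. Confirm it is present in the actual patch.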